Storm Worm Revamps Spoof News Alerts Spam

Security researchers at the leading online security vendor McAfee reported on June 20, 2008, on a new wave of spam e-mails originating from the Storm network that make use of fabricated, sensationalized news events. The e-mails carry grave headlines, such as the Eiffel Tower being ravaged by an earthquake or Donald Trump being feared kidnapped.

The body of each e-mail contains links that claim to offer further, detailed information about the story. Instead, the links redirect the user to a look-alike of Pornotube, an adult video site. If the user then clicks any video link on this fake website, a Storm malware executable is launched and automatically installed.

This category of spam botnet, driven by malware dubbed 'Nuwar', 'Dorf', 'Peacomm', or 'Zhelatin', became popular in late 2006. Its operators used to hook their malware to hyped, sensational news reports about major storms in Europe.

Over the years, the mode of attack has evolved significantly, and it keeps coming back at regular intervals. It employs a wide set of innovative social engineering methods to lure new victims into clicking e-mail links that cause infection. The latest round of attacks has again resorted to spoofed news events to grab the recipient's attention.

There is a high likelihood that this malware is being used by several groups of cyber criminals, each tweaking it a little to innovate in their distribution tactics.

Kevin McGhee, a researcher at McAfee, said that this social engineering tactic is very clever, as it plays upon natural human inquisitiveness about natural calamities and celebrities. Besides, the e-mails seem quite harmless to any uneducated user because they contain only some text and the link, according to his statement published by Vnunet on June 21, 2008.

Recently, the Storm worm tried to spread its exploits by using fake reports that the Beijing Olympics had been cancelled. McAfee concluded that the Nuwar spammers have moved on from current affairs and real news to manufacturing their own fictional and sensational events. This full-fledged spam campaign uses wacky titles to lure and con people into installing malware.